How to Create a SSL Certificate on Apache for Ubuntu 12.04

Introduction

Self Signed Certificates are useful for securing the information between web server and the user. A secure connection will be made by encrypting the site’s information. An SSL certificate can reveal the virtual private server’s identification information to the site visitors.

This tutorial will guide you to create and install Self Signed Certificates on Apache for Ubuntu 12.04.

Basic SetUp

Before setting up the self-signed certificate, make sure that Apache is already installed on your VPS.  If not, type in the command to install the package:

sudo apt-get install apache2

 

Activate SSL Module

Once you have installed apache, next step is to enable SSL on your droplet. You can use the following command for enabling ssl:

sudo a2enmod ssl

Now, let’s restart apache.

sudo service apache2 restart

 

Creating a New Directory

You have to create a new directory to store the server key and certificate. Use this command to create the directory:

sudo mkdir /etc/apache2/ssl


Creating a Self Signed SSL Certificate

You can create the self-signed SSL certificate and the server key with this command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

You can specify the validity of the certificate by changing the 365 days to your preference. By default, it expires after one year. The above command will create the self-signed SSL certificate and server key and place them into the newly created directory.

On your terminal screen, you will need to fill in the required information. Enter your domain name or site’s IP address for ‘Common Name’.

 

You are about to be asked to enter information that will be 
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name 
or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:StateName
Locality Name (eg, city) []:CityName
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CompanyName
Organizational Unit Name (eg, section) []:OrganizationName
Common Name (e.g. server FQDN or YOUR name) []:example.com                  
Email Address []:[email protected]


Setting Up the Certificate

Now, you need to set up the virtual hosts to display the new certificate. Open the SSL config for editing.

nano /etc/apache2/sites-available/default-ssl

Search for the line ‘VirtualHost _default_:443’ and make the following changes.

  • The DocumentRoot and ServerName lines have to be uncommented.
  • Replace example.com with your DNS approved domain name or IP address.
  • Search for the last three lines of the snippet and update them accordingly.

Is should look like this:

<VirtualHost _default_:443>

ServerAdmin [email protected]

DocumentRoot /var/www/html

ServerName www.example.com

ServerAlias example.com

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.crt

SSLCertificateKeyFile /etc/apache2/ssl/apache.key

</VirtualHost>

Now, save and exit out of the file.

 

Activate the New Virtual Host

Enable your virtual host using the command;

sudo a2ensite default-ssl

Now, you need to restart and reload apache in order to bring in all the changes in place.

sudo service apache2 reload

You are done. Verify by typing https://youraddress in your browser to view the created certificate.

support2 has written 111 articles

Leave a Reply